hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13935 from yoff/python/mad-on-externals

Browse Source 
Python: MaD on externals
This commit is contained in:
yoff
2023-08-28 14:04:54 +02:00
committed by GitHub
parent 826b8e6aa5 ad49eada48
commit 6e05246daa
10 changed files with 117 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/identical-files.json
View File

@@ -556,5 +556,9 @@
"EncryptionKeySizes Python/Java": [
"python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll",
"java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll"
],
"Python model summaries test extension": [
"python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml",
"python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml"
]
}

2
python/ql/lib/qlpack.yml
View File

@@ -13,5 +13,5 @@ dependencies:
codeql/util: ${workspace}
codeql/yaml: ${workspace}
dataExtensions:
- semmle/python/frameworks/**/model.yml
- semmle/python/frameworks/**/*.model.yml
warnOnImplicitThis: true

0
python/ql/lib/semmle/python/frameworks/data/internal/model.yml → python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
View File

18
python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml Normal file
View File

@@ -0,0 +1,18 @@
extensions:
- addsTo:
pack: codeql/python-all
extensible: summaryModel
data:
- ["foo", "Member[MS_identity]", "Argument[0]", "ReturnValue", "value"]
- ["foo", "Member[MS_apply_lambda]", "Argument[1]", "Argument[0].Parameter[0]", "value"]
- ["foo", "Member[MS_apply_lambda]", "Argument[0].ReturnValue", "ReturnValue", "value"]
- ["foo", "Member[MS_reversed]", "Argument[0].ListElement", "ReturnValue.ListElement", "value"]
- ["foo", "Member[MS_reversed]", "Argument[0]", "ReturnValue", "taint"]
- ["foo", "Member[MS_list_map]", "Argument[1].ListElement", "Argument[0].Parameter[0]", "value"]
- ["foo", "Member[MS_list_map]", "Argument[0].ReturnValue", "ReturnValue.ListElement", "value"]
- ["foo", "Member[MS_list_map]", "Argument[1]", "ReturnValue", "taint"]
- ["foo", "Member[MS_append_to_list]", "Argument[0].ListElement", "ReturnValue.ListElement", "value"]
- ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue.ListElement", "value"]
- ["foo", "Member[MS_append_to_list]", "Argument[0]", "ReturnValue", "taint"]
- ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue", "taint"]
- ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"]

1
python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ql
View File

@@ -1,4 +1,3 @@
import python
private import TestSummaries
import experimental.meta.InlineTaintTest
import MakeInlineTaintTest<TestTaintTrackingConfig>

18
python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml Normal file
View File

@@ -0,0 +1,18 @@
extensions:
- addsTo:
pack: codeql/python-all
extensible: summaryModel
data:
- ["foo", "Member[MS_identity]", "Argument[0]", "ReturnValue", "value"]
- ["foo", "Member[MS_apply_lambda]", "Argument[1]", "Argument[0].Parameter[0]", "value"]
- ["foo", "Member[MS_apply_lambda]", "Argument[0].ReturnValue", "ReturnValue", "value"]
- ["foo", "Member[MS_reversed]", "Argument[0].ListElement", "ReturnValue.ListElement", "value"]
- ["foo", "Member[MS_reversed]", "Argument[0]", "ReturnValue", "taint"]
- ["foo", "Member[MS_list_map]", "Argument[1].ListElement", "Argument[0].Parameter[0]", "value"]
- ["foo", "Member[MS_list_map]", "Argument[0].ReturnValue", "ReturnValue.ListElement", "value"]
- ["foo", "Member[MS_list_map]", "Argument[1]", "ReturnValue", "taint"]
- ["foo", "Member[MS_append_to_list]", "Argument[0].ListElement", "ReturnValue.ListElement", "value"]
- ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue.ListElement", "value"]
- ["foo", "Member[MS_append_to_list]", "Argument[0]", "ReturnValue", "taint"]
- ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue", "taint"]
- ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"]

1
python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ql
View File

@@ -1,3 +1,2 @@
import python
private import TestSummaries
import experimental.dataflow.TestUtil.NormalDataflowTest

25
python/ql/test/experimental/dataflow/model-summaries/TestSummaries.qll
View File

@@ -1,25 +0,0 @@
private import python
private import semmle.python.dataflow.new.FlowSummary
private import semmle.python.frameworks.data.ModelsAsData
private import semmle.python.ApiGraphs
private class StepsFromModel extends ModelInput::SummaryModelCsv {
override predicate row(string row) {
row =
[
"foo;Member[MS_identity];Argument[0];ReturnValue;value",
"foo;Member[MS_apply_lambda];Argument[1];Argument[0].Parameter[0];value",
"foo;Member[MS_apply_lambda];Argument[0].ReturnValue;ReturnValue;value",
"foo;Member[MS_reversed];Argument[0].ListElement;ReturnValue.ListElement;value",
"foo;Member[MS_reversed];Argument[0];ReturnValue;taint",
"foo;Member[MS_list_map];Argument[1].ListElement;Argument[0].Parameter[0];value",
"foo;Member[MS_list_map];Argument[0].ReturnValue;ReturnValue.ListElement;value",
"foo;Member[MS_list_map];Argument[1];ReturnValue;taint",
"foo;Member[MS_append_to_list];Argument[0].ListElement;ReturnValue.ListElement;value",
"foo;Member[MS_append_to_list];Argument[1];ReturnValue.ListElement;value",
"foo;Member[MS_append_to_list];Argument[0];ReturnValue;taint",
"foo;Member[MS_append_to_list];Argument[1];ReturnValue;taint",
"json;Member[MS_loads];Argument[0];ReturnValue;taint"
]
}
}

76
python/ql/test/library-tests/frameworks/data/test.ext.yml Normal file
View File

@@ -0,0 +1,76 @@
extensions:
# Contribute empty data sets to avoid errors about an undefined extensionals
- addsTo:
pack: codeql/python-all
extensible: sourceModel
data:
- ["testlib", "Member[getSource].ReturnValue", "test-source"]
- ["testlib.Alias", "", "test-source"]
# testing parameter syntax
- ["testlib", "Member[Callbacks].Member[first].Argument[0].Parameter[0]", "test-source"]
- ["testlib", "Member[Callbacks].Member[param1to3].Argument[0].Parameter[1..3]", "test-source"]
- ["testlib", "Member[Callbacks].Member[nonFirst].Argument[0].Parameter[1..]", "test-source"]
# Common tokens.
- ["testlib", "Member[CommonTokens].Member[makePromise].ReturnValue.Awaited", "test-source"]
- ["testlib", "Member[CommonTokens].Member[Class].Instance", "test-source"]
- ["testlib", "Member[CommonTokens].Member[Super].Subclass.Instance", "test-source"]
# method
- ["testlib", "Member[CommonTokens].Member[Class].Instance.Method[foo]", "test-source"]
# testing non-positional arguments
- ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[self]", "test-source"]
- ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[named:]", "test-source"]
- ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[secondAndAfter].Parameter[1..]", "test-source"]
- ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[otherSelfTest].Parameter[0]", "test-source"]
- ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[anyParam].Parameter[any]", "test-source"]
- ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[anyNamed].Parameter[any-named]", "test-source"]
- addsTo:
pack: codeql/python-all
extensible: sinkModel
data:
- ["testlib", "Member[mySink].Argument[0,sinkName:]", "test-sink"]
# testing argument syntax
- ["testlib", "Member[Args].Member[arg0].Argument[0]", "test-sink"]
- ["testlib", "Member[Args].Member[arg1to3].Argument[1..3]", "test-sink"]
- ["testlib", "Member[Args].Member[lastarg].Argument[N-1]", "test-sink"]
- ["testlib", "Member[Args].Member[nonFist].Argument[1..]", "test-sink"]
# callsite filter.
- ["testlib", "Member[CallFilter].Member[arityOne].WithArity[1].Argument[any]", "test-sink"]
- ["testlib", "Member[CallFilter].Member[twoOrMore].WithArity[2..].Argument[0..]", "test-sink"]
# testing non-positional arguments
- ["testlib", "Member[ArgPos].Instance.Member[self_thing].Argument[self]", "test-sink"]
# any argument
- ["testlib", "Member[ArgPos].Member[anyParam].Argument[any]", "test-sink"]
- ["testlib", "Member[ArgPos].Member[anyNamed].Argument[any-named]", "test-sink"]
# testing package syntax
- ["foo1.bar", "Member[baz1].Argument[any]", "test-sink"]
- ["foo2", "Member[bar].Member[baz2].Argument[any]", "test-sink"]
# testing fuzzy
- ["testlib", "Fuzzy.Member[fuzzyCall].Argument[0]", "test-sink"]
# testing syntax errors
- ["testlib", "Member[foo],Member[bar]", "test-sink"]
- ["testlib", "Member[foo] Member[bar]", "test-sink"]
- ["testlib", "Member[foo]. Member[bar]", "test-sink"]
- ["testlib", "Member[foo], Member[bar]", "test-sink"]
- ["testlib", "Member[foo]..Member[bar]", "test-sink"]
- ["testlib", "Member[foo] .Member[bar]", "test-sink"]
- ["testlib", "Member[foo]Member[bar]", "test-sink"]
- ["testlib", "Member[foo", "test-sink"]
- ["testlib", "Member[foo]]", "test-sink"]
- ["testlib", "Member[foo]].Member[bar]", "test-sink"]
- addsTo:
pack: codeql/python-all
extensible: summaryModel
data:
- ["testlib", "Member[Steps].Member[preserveTaint].Call", "Argument[0]", "ReturnValue", "taint"]
- ["testlib", "Member[Steps].Member[taintIntoCallback]", "Argument[0]", "Argument[1..2].Parameter[0]", "taint"]
- ["testlib", "Member[Steps].Member[preserveArgZeroAndTwo]", "Argument[0,2]", "ReturnValue", "taint"]
- ["testlib", "Member[Steps].Member[preserveAllButFirstArgument].Call", "Argument[1..]", "ReturnValue", "taint"]
- addsTo:
pack: codeql/python-all
extensible: typeModel
data:
- ["testlib.Alias", "testlib", "Member[alias].ReturnValue"]
- ["testlib.Alias", "testlib.Alias", "Member[chain].ReturnValue"]

98
python/ql/test/library-tests/frameworks/data/test.ql
View File

@@ -5,86 +5,6 @@ import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.DataFlow
private import semmle.python.ApiGraphs
class Steps extends ModelInput::SummaryModelCsv {
override predicate row(string row) {
// type;path;input;output;kind
row =
[
"testlib;Member[Steps].Member[preserveTaint].Call;Argument[0];ReturnValue;taint",
"testlib;Member[Steps].Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
"testlib;Member[Steps].Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
"testlib;Member[Steps].Member[preserveAllButFirstArgument].Call;Argument[1..];ReturnValue;taint",
]
}
}
class Types extends ModelInput::TypeModelCsv {
override predicate row(string row) {
// type1;type2;path
row =
[
"testlib.Alias;testlib;Member[alias].ReturnValue",
"testlib.Alias;testlib.Alias;Member[chain].ReturnValue",
]
}
}
class Sinks extends ModelInput::SinkModelCsv {
override predicate row(string row) {
// type;path;kind
row =
[
"testlib;Member[mySink].Argument[0,sinkName:];test-sink",
// testing argument syntax
"testlib;Member[Args].Member[arg0].Argument[0];test-sink", //
"testlib;Member[Args].Member[arg1to3].Argument[1..3];test-sink", //
"testlib;Member[Args].Member[lastarg].Argument[N-1];test-sink", //
"testlib;Member[Args].Member[nonFist].Argument[1..];test-sink", //
// callsite filter.
"testlib;Member[CallFilter].Member[arityOne].WithArity[1].Argument[any];test-sink", //
"testlib;Member[CallFilter].Member[twoOrMore].WithArity[2..].Argument[0..];test-sink", //
// testing non-positional arguments
"testlib;Member[ArgPos].Instance.Member[self_thing].Argument[self];test-sink", //
// any argument
"testlib;Member[ArgPos].Member[anyParam].Argument[any];test-sink", //
"testlib;Member[ArgPos].Member[anyNamed].Argument[any-named];test-sink", //
// testing package syntax
"foo1.bar;Member[baz1].Argument[any];test-sink", //
"foo2;Member[bar].Member[baz2].Argument[any];test-sink", //
// testing fuzzy
"testlib;Fuzzy.Member[fuzzyCall].Argument[0];test-sink", //
]
}
}
class Sources extends ModelInput::SourceModelCsv {
// type;path;kind
override predicate row(string row) {
row =
[
"testlib;Member[getSource].ReturnValue;test-source", //
"testlib.Alias;;test-source",
// testing parameter syntax
"testlib;Member[Callbacks].Member[first].Argument[0].Parameter[0];test-source", //
"testlib;Member[Callbacks].Member[param1to3].Argument[0].Parameter[1..3];test-source", //
"testlib;Member[Callbacks].Member[nonFirst].Argument[0].Parameter[1..];test-source", //
// Common tokens.
"testlib;Member[CommonTokens].Member[makePromise].ReturnValue.Awaited;test-source", //
"testlib;Member[CommonTokens].Member[Class].Instance;test-source", //
"testlib;Member[CommonTokens].Member[Super].Subclass.Instance;test-source", //
// method
"testlib;Member[CommonTokens].Member[Class].Instance.Method[foo];test-source", //
// testing non-positional arguments
"testlib;Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[self];test-source", //
"testlib;Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[named:];test-source", //
"testlib;Member[ArgPos].Member[MyClass].Subclass.Member[secondAndAfter].Parameter[1..];test-source", //
"testlib;Member[ArgPos].Member[MyClass].Subclass.Member[otherSelfTest].Parameter[0];test-source", //
"testlib;Member[ArgPos].Member[MyClass].Subclass.Member[anyParam].Parameter[any];test-source", //
"testlib;Member[ArgPos].Member[MyClass].Subclass.Member[anyNamed].Parameter[any-named];test-source", //
]
}
}
class BasicTaintTracking extends TaintTracking::Configuration {
BasicTaintTracking() { this = "BasicTaintTracking" }
@@ -109,24 +29,6 @@ query predicate isSource(DataFlow::Node node, string kind) {
node = ModelOutput::getASourceNode(kind).asSource()
}
class SyntaxErrorTest extends ModelInput::SinkModelCsv {
override predicate row(string row) {
row =
[
"testlib;Member[foo],Member[bar];test-sink", //
"testlib;Member[foo] Member[bar];test-sink", //
"testlib;Member[foo]. Member[bar];test-sink", //
"testlib;Member[foo], Member[bar];test-sink", //
"testlib;Member[foo]..Member[bar];test-sink", //
"testlib;Member[foo] .Member[bar];test-sink", //
"testlib;Member[foo]Member[bar];test-sink", //
"testlib;Member[foo;test-sink", //
"testlib;Member[foo]];test-sink", //
"testlib;Member[foo]].Member[bar];test-sink", //
]
}
}
query predicate syntaxErrors(AccessPathSyntax::AccessPath path) { path.hasSyntaxError() }
query predicate warning = ModelOutput::getAWarning/0;